I joined Container Days 2022

A collection of cool tools I found out about

• loki : OSS logging tool
• mizu :(https://getmizu.io) API traffic viewer for Kubernetes
• k8sGitOps: FluxCD and ArgoCD are the two major ones
• Tekton: CI tool
• k9s: CLI tool for accessing and managing k8s resources
• kaniko: a tool to build docker images on k8s cluster
• kustomize: a configuration management tool which allows you to dynamically generate k8s manifests
• bat : cat with syntax highlight
• kns: a quick k8s Namespase switcher

Day one

State of Kubernetes management planes

At the conference, I interfaced with several people to gather their opinion on multi-cluster kubernetes management and federation tools. They all seemed to agree that the choice on whether to use such a tool or not boils down to the requirements of your business. For example, you might choose to have multiple “self-managed” clusters per team or product or departments. However, you might also might want to manage all these clusters centrally from a management cluster, this is where federation and provisioning tools come into play.

There are various tools that fall into the k8s management domain. Some management tools come as SaaS, like in the case of Rancher or Spectro Cloud, while others are self-hosted like Crossplane from Upbound. In the end all of these tools achieve the same thing. One tool that stood out the most in my conversations was Crossplane which on top of trying to create and manage k8s clusters, also tries also to abstract hyperscaler infrastructure provisioning, such as AWS RDS, somewhat overlapping with IaC tools such as Terraform.

Kubernetes operators

At CD2022, I had the opportunity to learn about Kubernetes Operators, what they are, how to implement them and how to share them or find the ones that already exist.

What are Kubernetes operators?
Operators allow an engineer to extend the functionality of the base Kubernetes platform with custom functionality. That functionality can be anything you can think of that can be implemented in code. When you create an operator, you define its API (CRD) and acceptable values for that APIs’ parameters. Once created and installed on your k8s cluster, you can create a resource for your operator using the kubectl utility. Your resource will trigger your Operator’s code which in turn implements a functionality.

How to find existing operators?
The place to share and find Kubernetes operators is https://operatorhub.io. There you can find existing operators, which other people, or companies, share, or add the one you created. Some popular operators include the ones that abstract the creation of Elasticsearch, Keycloak or Grafana. Think of them as your Terraform modules for your Kubernetes cluster.

Stop configuring infrastructure, start coding it

CDKallows you to define AWS infrastructure using commonly used programming languages, such as Python or Javascript. On top of that, it provides you the ability to transpile code from one language to another, which can bridge the communication between people with different opinions. However, it’s important to note that AWS CDK does not invoke the AWS API directly, like Terraform does. Instead, it creates CloudFormation templates which in turn create the defined infrastructure. Essentially, one could think of CDK as a generator.

How to manage distributed storage on Kubernetes

Managing storage or DBs on Kubernetes clusters has always been a challenge. Portworx has created a product which abstracts the management of storage on Kubernetes. At CD2022 I had the opportunity to get a walkthrough on what Portworx is at it’s core. Essentially, Portworx provides a Kubernetes operator which extends the platform with Custom Resource Definitions (CRDs). These CRD allow the developer to define the type and size of storage they require. In turn the operator creates the necessary PVs and PVCs to satisfy the requirements. On top of that, portworx provides the ability to take snapshots and backups.

How Launch Darkly works

Launch Darkly is a SaaS which allows you to implement feature toggles which allow you to enable or disable some functionality. At CD2022 I had the opportunity to talk with one of the engineers and found out how LD works with a high overview. In essence, LD provides the developer with a library to include in their code. This library talks with LD’s feature toggle panel and gets the state (toggles) of the features. When a feature is toggled, the code from the library returns a string which tells the app that the feature has been turned on. It is then up to the app to interpret the feature toggle with additional functionality.

Day two

Is it safe to run databases on Kubernetes?

I joined a talk from Nicolas Vermande who showed us that Kubernetes operators extract a lot of the responsibility of managing and maintaining the availability of a database from the engineer. Simply put, if you plan on running a database or a stateful workload on kuberntes make sure there’s an operator for it which can handle all the responsibility of maintaining and upgrading that application.

Moving beyond operators on Kubernetes

An interesting concept was presented at CD22 where the authors claim that operators and CRD are a glue logic between our k8s clusters and SaaS providers. Apart from not being scalable on multiple clusters, they’re hard to trust and add unnecessary complexity. Instead of using operators the authors presented a possible future implementation (in Kubernetes) in which the only thing an engineer has to manage is an API resource. The resource will create and provide a URL for the SaaS service which will be exposed and consumed by the apps running on k8s. Essentially, the authors propose the operator logic/code to be deployed, executed and managed on the SaaS provider and the only thing that the engineer will have to manage is the API connection resource thus simplifying the scalability of operators and CRD on multiple clusters.

How to create trusted execution environments in the public cloud?

More than often organizations, especially large enterprises, have difficulty trusting the underlying infrastructure on top of which workloads are executed. Thus adoption of public clouds stagnates. In this case, the author presented 3 possible solutions which can alleviate that anti-trust. The solutions includes the usage MarbleRun , a tool which leverages Intels’ SGX technology to execute the k8s ControlPlane in a trusted environment. Not only that, the author introduced Constellation, a tool which allows you to secure not only the Control Plane but also the workloads which run on top of k8s. The aforementioned tools can be used with a lift-and-shift strategy.

Takeaways

Contaner Days 2022 is a decent international conference and I feel that I did get in touch with current and some future developments in the space on containerized workloads.

Hamburg is the 2nd largest city (by population) in Germany and has a great public transport with lots of options for car, bike and step sharing. There are plenty of things to do during the day and night. Check out the U-boat museum, a real 1970 Russian submarine, if you’re around.

Crossplane from Upbound was a highly praised tool which attempts to abstract infrastructure provisioning from the engineer and make things as seamless as possible. It’s probably the tool I’m going to be exploring next.

Thanks for reading!